Windows Analysis Report
http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK

Overview

General Information

Sample URL: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK
Analysis ID: 1582855

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
AI detected suspicious URL
Creates files inside the system directory
Deletes files inside the Windows folder
HTML body contains low number of good links
HTML title does not match URL
HTTP GET or POST without a user agent
None HTTPS page querying sensitive user data (password, username or email)

Classification

  • System is w11x64_office
  • chrome.exe (PID: 4484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 290DF23002E9B52249B5549F0C668A86)
    • chrome.exe (PID: 1208 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1812,i,5676968392746827338,17800175750088234751,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2236 /prefetch:11 MD5: 290DF23002E9B52249B5549F0C668A86)
  • chrome.exe (PID: 7332 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK" MD5: 290DF23002E9B52249B5549F0C668A86)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK SlashNext: detection malicious, Label: Fraudulent Website type: Phishing & Social Engineering

Phishing

Source: Email Joe Sandbox AI: AI detected IP in URL: http://4.lkx91.michaelhuegel.com
Source: http://4.lkx91.michaelhuegel.com/ HTTP Parser: Number of links: 0
Source: http://4.lkx91.michaelhuegel.com/ HTTP Parser: Title: Coming Soon - wattsgroup.co.nz does not match URL
Source: http://4.lkx91.michaelhuegel.com/ HTTP Parser: Has password / email / username input fields
Source: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK HTTP Parser: No favicon
Source: http://4.lkx91.michaelhuegel.com/ HTTP Parser: No favicon
Source: http://4.lkx91.michaelhuegel.com/about HTTP Parser: No favicon
Source: http://4.lkx91.michaelhuegel.com/ HTTP Parser: No <meta name="author".. found
Source: http://4.lkx91.michaelhuegel.com/ HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:50633 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:50635 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:50637 version: TLS 1.2
Source: global traffic HTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1735661603065&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1
    Accept-Encoding: gzip, deflate
    Content-Length: 4605
    Content-Type: application/json; charset=UTF-8
    Host: browser.events.data.msn.cn
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /api/tips-content/de-ch/xml/tips?release=cobalt&environment=dashboard&resolutionType=merge HTTP/1.1
    Host: cxcs.microsoft.net
    Connection: keep-alive
    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100", "Microsoft Edge WebView2";v="100"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Origin: https://windows.msn.com
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://windows.msn.com/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    If-None-Match: "93eaa60326dc4c17c3c6a4c2dbeb6569"
Source: global traffic HTTP traffic detected: GET /creativeservice/2d863f0f-0fd5-72db-6971-f905df03ef53_3255140379518978990_128000000004796009_assets__image_1709055739600.jpg HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate, br
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22631
    Host: res.public.onecdn.static.microsoft
    Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK HTTP/1.1
    Host: 4.lkx91.michaelhuegel.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1
    Host: 4.lkx91.michaelhuegel.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1
    Host: 4.lkx91.michaelhuegel.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Referer: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/styles.css HTTP/1.1
    Host: 4.lkx91.michaelhuegel.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    Accept: text/css,*/*;q=0.1
    Referer: http://4.lkx91.michaelhuegel.com/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /about HTTP/1.1
    Host: 4.lkx91.michaelhuegel.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Referer: http://4.lkx91.michaelhuegel.com/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/about_styles.css HTTP/1.1
    Host: 4.lkx91.michaelhuegel.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    Accept: text/css,*/*;q=0.1
    Referer: http://4.lkx91.michaelhuegel.com/about
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1
    Host: 4.lkx91.michaelhuegel.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Referer: http://4.lkx91.michaelhuegel.com/about
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /r/r1.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
Source: global traffic HTTP traffic detected: GET / HTTP/1.1
    Cache-Control: max-age = 3600
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Mon, 12 Feb 2024 22:07:27 GMT
    If-None-Match: "65ca969f-2cd"
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: x1.c.lencr.org
Source: global traffic HTTP traffic detected: GET /news HTTP/1.1
    Host: 4.lkx91.michaelhuegel.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Referer: http://4.lkx91.michaelhuegel.com/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1
    Host: 4.lkx91.michaelhuegel.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Referer: http://4.lkx91.michaelhuegel.com/news
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: 4.lkx91.michaelhuegel.com
Source: global traffic DNS traffic detected: DNS query: feeds.foxnews.com
Source: unknown HTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1735661603065&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1
    Accept-Encoding: gzip, deflate
    Content-Length: 4605
    Content-Type: application/json; charset=UTF-8
    Host: browser.events.data.msn.cn
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
    Content-Type: text/plain; charset=utf-8
    X-Address: gin_throttle_mw_7200000000_8.46.123.189
    X-Ratelimit-Limit: 500
    X-Ratelimit-Remaining: 485
    X-Ratelimit-Reset: 1735664773
    Date: Tue, 31 Dec 2024 16:13:40 GMT
    Content-Length: 0
Source: chromecache_100.2.dr, chromecache_94.2.dr String found in binary or memory: https://feeds.foxnews.com/foxnews/world
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir4484_48140352
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir4484_48140352
Source: classification engine Classification label: mal52.win@16/14@8/3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1812,i,5676968392746827338,17800175750088234751,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2236 /prefetch:11
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
  • Persistence: 1 Browser Extensions; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Defense Evasion: 1 Masquerading; 1 Process Injection; 1 File Deletion; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: 1 Encrypted Channel; 4 Non-Application Layer Protocol; 5 Application Layer Protocol; 3 Ingress Tool Transfer
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

Source | Detection | Scanner | Label | Link
http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK | 0% | Avira URL Cloud | safe |
http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK | 100% | SlashNext | Fraudulent Website type: Phishing & Social Engineering |

No Antivirus matches

Source | Detection | Scanner | Label | Link
http://4.lkx91.michaelhuegel.com/favicon.ico | 0% | Avira URL Cloud | safe |
http://4.lkx91.michaelhuegel.com/assets/about_styles.css | 0% | Avira URL Cloud | safe |
http://4.lkx91.michaelhuegel.com/assets/styles.css | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
4.lkx91.michaelhuegel.com | 185.246.85.141 | true | false | | high
www.google.com | 142.250.184.228 | true | false | | high
feeds.foxnews.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK | true | | unknown
https://res.public.onecdn.static.microsoft/creativeservice/2d863f0f-0fd5-72db-6971-f905df03ef53_3255140379518978990_128000000004796009_assets__image_1709055739600.jpg | false | | high
http://4.lkx91.michaelhuegel.com/ | false | | unknown
http://4.lkx91.michaelhuegel.com/favicon.ico | false | Avira URL Cloud: safe | unknown
http://4.lkx91.michaelhuegel.com/news | false | | unknown
https://browser.events.data.msn.cn/OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1735661603065&w=0&anoncknm=al_app_anon&NoResponseBody=true | false | | high
http://4.lkx91.michaelhuegel.com/assets/styles.css | false | Avira URL Cloud: safe | unknown
http://4.lkx91.michaelhuegel.com/about | false | | unknown
https://cxcs.microsoft.net/api/tips-content/de-ch/xml/tips?release=cobalt&environment=dashboard&resolutionType=merge | false | | high
http://4.lkx91.michaelhuegel.com/assets/about_styles.css | false | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://feeds.foxnews.com/foxnews/world | chromecache_100.2.dr, chromecache_94.2.dr | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
142.250.184.228 | www.google.com | United States | | 15169 | GOOGLEUS | false
185.246.85.141 | 4.lkx91.michaelhuegel.com | France | | 21409 | IKOULAFR | false

IP
192.168.2.24

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1582855
Start date and time: 2024-12-31 17:12:36 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 22s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK
Analysis system description: Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Run name: Potential for more IOCs and behavior
Number of analysed new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal52.win@16/14@8/3
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.184.227, 142.250.184.238, 64.233.167.84, 142.250.185.142, 142.250.185.238, 142.250.186.142, 151.101.2.132, 151.101.66.132, 151.101.130.132, 151.101.194.132, 142.250.181.238, 142.250.185.106, 142.250.185.170, 142.250.184.234, 142.250.185.234, 142.250.185.74, 216.58.206.74, 142.250.186.138, 172.217.16.202, 142.250.185.138, 216.58.212.170, 142.250.186.74, 142.250.186.106, 142.250.186.42, 216.58.212.138, 172.217.18.10, 142.250.185.202, 142.250.74.202, 216.58.206.42, 142.250.184.202, 142.250.184.206, 199.232.214.172, 142.250.186.67, 142.250.185.110, 172.217.16.206, 23.44.203.179, 2.23.209.135, 184.28.90.27, 4.245.163.56, 20.103.156.88, 40.126.32.140
  • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, j.sni.global.fastly.net, content-autofill.googleapis.com, slscr.update.microsoft.com, fd.api.iris.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, www.googleapis.com, x1.c.lencr.org, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, login.live.com, res.public.onecdn.static.microsoft, update.googleapis.com, clients.l.google.com, c.pki.goog
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size getting too big, too many NtOpenFile calls found.
                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                        • VT rate limit hit for: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK
                        No simulations
                        No context
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:HTML document, ASCII text
                        Category:downloaded
                        Size (bytes):3195
                        Entropy (8bit):4.5774179129707075
                        Encrypted:false
                        SSDEEP:48:vu+C1AFRZpvtph6F6BgxVbaCdQciJ2ZBgof6PM5FGxs7vtj:vuT1Yd6ygx4cA2
                        MD5:0ED0D9CFCE1D0BBEC965DFF0BF6FF8AB
                        SHA1:F800035B2B5AA2C890A187733CC74BE14DB9A2E5
                        SHA-256:1589479C8620C06190C102AB49A0A09E400D1937782983705DD1B4FBC723A83A
                        SHA-512:7F159E57E3FF086C70EEB6892088FE06B1EFB67C9EF304517AA48977F1D6F1B498DFCF1D4290DD11259656E7C5F014C24F83BE8EF1CAABB85E29A3F533DD2246
                        Malicious:false
                        Reputation:low
                        URL:http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK
                        Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Fox News World RSS Feed - wattsgroup.co.nz </title>. <style>. body {. font-family: Arial, sans-serif;. background-color: #f4f6f9;. color: #333;. margin: 0;. padding: 0;. }.. .container {. width: 80%;. margin: 0 auto;. }.. h1 {. font-size: 2rem;. margin: 2rem 0;. }.. .news-item {. background-color: white;. padding: 1.5rem;. margin-bottom: 1rem;. box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24);. }.. .news-item h2 {. font-size: 1.5rem;. margin-bottom: 1rem;. }.. .news-item a {. color: #1a73e8;. text-decoration: none;. }.. .news-item a:ho
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:HTML document, ASCII text
                        Category:downloaded
                        Size (bytes):3195
                        Entropy (8bit):4.5774179129707075
                        Encrypted:false
                        SSDEEP:48:vu+C1AFRZpvtph6F6BgxVbaCdQciJ2ZBgof6PM5FGxs7vtj:vuT1Yd6ygx4cA2
                        MD5:0ED0D9CFCE1D0BBEC965DFF0BF6FF8AB
                        SHA1:F800035B2B5AA2C890A187733CC74BE14DB9A2E5
                        SHA-256:1589479C8620C06190C102AB49A0A09E400D1937782983705DD1B4FBC723A83A
                        SHA-512:7F159E57E3FF086C70EEB6892088FE06B1EFB67C9EF304517AA48977F1D6F1B498DFCF1D4290DD11259656E7C5F014C24F83BE8EF1CAABB85E29A3F533DD2246
                        Malicious:false
                        Reputation:low
                        URL:http://4.lkx91.michaelhuegel.com/news
                        Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Fox News World RSS Feed - wattsgroup.co.nz </title>. <style>. body {. font-family: Arial, sans-serif;. background-color: #f4f6f9;. color: #333;. margin: 0;. padding: 0;. }.. .container {. width: 80%;. margin: 0 auto;. }.. h1 {. font-size: 2rem;. margin: 2rem 0;. }.. .news-item {. background-color: white;. padding: 1.5rem;. margin-bottom: 1rem;. box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24);. }.. .news-item h2 {. font-size: 1.5rem;. margin-bottom: 1rem;. }.. .news-item a {. color: #1a73e8;. text-decoration: none;. }.. .news-item a:ho
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:HTML document, ASCII text
                        Category:downloaded
                        Size (bytes):2877
                        Entropy (8bit):4.859680281553471
                        Encrypted:false
                        SSDEEP:48:Z5JJpI4LLIk6ddLHJy8A3SXUV/ot5CjsEn+yxw4Dj7jvj:r3LLIk6T9yvGssE5x7
                        MD5:D789D413AACD394D5DD0F75C7CEDF95A
                        SHA1:CC82AE047F1B66343F8488FE0A017AD1960054DA
                        SHA-256:59BF80ABE64AEE9944DCBA2930967833C0A96914420E48EF1F94E7136EB171F7
                        SHA-512:D2BA473C0CC9B83DF0F903CCC8E48C074D7EF8302A45514BF085A542D3C3199E1F217C3B53D9A2405D64D57F19451EAC1CC4F5FE5AFC9DE375BB91DA2B582798
                        Malicious:false
                        Reputation:low
                        URL:http://4.lkx91.michaelhuegel.com/
                        Preview:.............<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Coming Soon - wattsgroup.co.nz</title>.. <link rel="stylesheet" href="/assets/styles.css">..</head>.<body>.<div class="container">. <h1>Our Website is Coming Soon!</h1>. <p>We are working hard to give you the best experience. Stay tuned!</p>. <div class="countdown">. <div class="countdown-item">. <span id="days">00</span>. <label>Days</label>. </div>. <div class="countdown-item">. <span id="hours">00</span>. <label>Hours</label>. </div>. <div class="countdown-item">. <span id="minutes">00</span>. <label>Minutes</label>. </div>. <div class="countdown-item">. <span id="seconds">00</span>. <label>Seconds</label>. </div>. </div>.. <form id="subscription-form" onsubmit
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text
                        Category:downloaded
                        Size (bytes):714
                        Entropy (8bit):4.640934656505668
                        Encrypted:false
                        SSDEEP:12:U068a0fvM2SMGRDGW4Q1bTNKqkFk80MFr+jF35PHtXFGSECp3t6FGSECpa6FGSEI:UkvMuGRKePcV1YF3LX8SECVt68SEC06l
                        MD5:4BE8EF55271B17CF4B27C93F9C21044F
                        SHA1:9D0DA00EC2C6BD31D3EECCF4F97B9D9DFB409822
                        SHA-256:48796E60D0E2924366A3E3BBFC06A948C1D631AB0B8DFA27E2CA9F8EE58053E7
                        SHA-512:B7ACE1CA1DE39D61154D26C0306AA5EF64E64C08FA1B15EE406CA887D23D59DF30A3FC73E143C8C87B5F71291F9B918DE207DEF1C77AF91046C7564E60CE4517
                        Malicious:false
                        Reputation:low
                        URL:http://4.lkx91.michaelhuegel.com/assets/about_styles.css
                        Preview:body {. font-family: Arial, sans-serif;. background-color: #f0f0f0;. display: flex;. justify-content: center;. align-items: center;. height: 100vh;. margin: 0;. padding: 0;.}...container {. width: 80%;. margin: auto;. overflow: hidden;. padding: 0 2rem;. background-color: #fff;. padding: 2rem;. border-radius: 5px;. box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24);.}..h1 {. font-size: 2rem;. color: #333;. margin-bottom: 1rem;.}..p {. font-size: 1rem;. color: #333;. margin-bottom: 1rem;.}..ul {. font-size: 1rem;. color: #333;. margin-bottom: 1rem;. padding-left: 1.5rem;.}..li {. margin-bottom: 0.5rem;.}.
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text
                        Category:downloaded
                        Size (bytes):1435
                        Entropy (8bit):4.7130828204283555
                        Encrypted:false
                        SSDEEP:24:UkvMuGRKe7+U6eSEMDSaGvMdufqGmnoSPfzS7pvMugQrYFv0CGSTYFUL9MtDY3Ss:Uk9w7x9sHGgufRNkz09fcFMCGJFUL9MO
                        MD5:1FB5EDFEA0AF10D301EFCD56738BA30A
                        SHA1:1AAC6EB08825AD63AC334CFF1F816CC9ECA71219
                        SHA-256:161D0961994DD86814FAFBA6EDD6FA7A75D17B19B2E60E1EE01ADAA9EA19DADC
                        SHA-512:A0C3F78B663E01D24DDD53AF6D0D1E3E9DD743C3E4CB6FC8F45588BCC37AB3923A2992505C4842D9E451692A7E7495155F58BFED056BCFE57E02204603F962DD
                        Malicious:false
                        Reputation:low
                        URL:http://4.lkx91.michaelhuegel.com/assets/styles.css
                        Preview:body {. font-family: Arial, sans-serif;. background-color: #f0f0f0;. display: flex;. justify-content: center;. align-items: center;. height: 100vh;. margin: 0;. padding: 0;.}...container {. background-color: #ffffff;. padding: 30px;. border-radius: 10px;. box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);. text-align: center;.}..h1 {. font-size: 36px;. margin-bottom: 20px;. color: #333;.}..p {. font-size: 18px;. color: #777;. margin-bottom: 40px;.}...countdown {. display: flex;. justify-content: center;. margin-bottom: 40px;.}...countdown-item {. display: inline-block;. margin: 0 10px;.}...countdown-item span {. font-size: 24px;. color: #444;.}...countdown-item label {. display: block;. font-size: 14px;. color: #999;.}..form {. display: flex;. justify-content: center;. align-items: center;. flex-direction: column;.}..input[type="email"] {. font-size: 16px;. padding: 10px;. border: 1px sol
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:HTML document, ASCII text, with very long lines (454), with CRLF line terminators
                        Category:downloaded
                        Size (bytes):2176
                        Entropy (8bit):4.633464119861773
                        Encrypted:false
                        SSDEEP:48:FrRUUtfTbGHdPJQLwVXjpG6qkdZA98zE9bH2Mjn9TAc:9WUtrbG9bVXsNyA98zEEMjn9TH
                        MD5:ECAA183EFB1A465A09483E3F07A8D9FC
                        SHA1:2A896975215454ADAEA4AE94F50B8A7E858061C9
                        SHA-256:C4534B8F7160919D02D7181081898ADB7F03243DC42A257697B42102239B2B3D
                        SHA-512:054E275BFE8A6204E6E01A15109F4F39EBAAA611F725B9F59ABCD7F5603B4F67CF3E7314F5555EA9E773B6729E8CBF67915D3F875C096442882D46D5DEFDD97B
                        Malicious:false
                        Reputation:low
                        URL:http://4.lkx91.michaelhuegel.com/about
                        Preview:........................<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>About Us - wattsgroup.co.nz</title>.. <link rel="stylesheet" href="/assets/about_styles.css">..</head>..<body>..<div class="container">.. <h1>About Our Email Marketing Agency</h1>.. <p>Our email marketing agency specializes in creating effective and engaging email campaigns tailored to meet the unique needs of businesses of all sizes. With a team of experienced marketing professionals, we are dedicated to helping our clients achieve their marketing goals and drive growth through the power of email marketing.</p>.. <p>At our agency, we understand the importance of personalized, targeted email marketing strategies. By combining cutting-edge technology with data-driven insights and creative expertise, we deliver email campaigns that resonate with your audience, foster customer loyalty, and increase
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with no line terminators
                        Category:downloaded
                        Size (bytes):16
                        Entropy (8bit):3.875
                        Encrypted:false
                        SSDEEP:3:HoUinYn:IUyY
                        MD5:903747EA4323C522742842A52CE710C9
                        SHA1:9F806EA4288867A31A4AD53AC171AA4029DF182B
                        SHA-256:4BD8B60F91849C936AE45615145A7B7BE2CF803322A30BABBAE7267A142CA5BB
                        SHA-512:EEF73DC29A38ED70FFCFC321931BCB5B5A29FAAC356E8F6D84F57C532EEF44AE75021C341CF7DAE26B8211924A1C0E0EC4735F6BFC4AF3970A48EB63BFB7895F
                        Malicious:false
                        Reputation:low
                        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTMxLjAuNjc3OC4xMDkSGQmC6EcvaJfRhBIFDYOoWz0hgKiKtmPGx8w=?alt=proto
                        Preview:CgkKBw2DqFs9GgA=
                        No static file info
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Dec 31, 2024 17:14:25.417233944 CET8050611185.246.85.141192.168.2.24
                        Dec 31, 2024 17:14:25.417349100 CET8050611185.246.85.141192.168.2.24
                        Dec 31, 2024 17:14:25.417362928 CET8050611185.246.85.141192.168.2.24
                        Dec 31, 2024 17:14:25.417432070 CET5061180192.168.2.24185.246.85.141
                        Dec 31, 2024 17:14:33.502326965 CET8050599204.79.197.203192.168.2.24
                        Dec 31, 2024 17:14:33.502401114 CET5059980192.168.2.24204.79.197.203
                        Dec 31, 2024 17:14:33.502500057 CET5059980192.168.2.24204.79.197.203
                        Dec 31, 2024 17:14:33.507232904 CET8050599204.79.197.203192.168.2.24
                        Dec 31, 2024 17:14:36.076564074 CET50632443192.168.2.24142.250.184.228
                        Dec 31, 2024 17:14:36.076658010 CET44350632142.250.184.228192.168.2.24
                        Dec 31, 2024 17:14:36.076759100 CET50632443192.168.2.24142.250.184.228
                        Dec 31, 2024 17:14:36.077217102 CET50632443192.168.2.24142.250.184.228
                        Dec 31, 2024 17:14:36.077255011 CET44350632142.250.184.228192.168.2.24
                        Dec 31, 2024 17:14:36.908265114 CET44350632142.250.184.228192.168.2.24
                        Dec 31, 2024 17:14:36.908826113 CET50632443192.168.2.24142.250.184.228
                        Dec 31, 2024 17:14:36.908900976 CET44350632142.250.184.228192.168.2.24
                        Dec 31, 2024 17:14:36.909256935 CET44350632142.250.184.228192.168.2.24
                        Dec 31, 2024 17:14:36.912811995 CET50632443192.168.2.24142.250.184.228
                        Dec 31, 2024 17:14:36.912892103 CET44350632142.250.184.228192.168.2.24
                        Dec 31, 2024 17:14:36.970207930 CET50632443192.168.2.24142.250.184.228
                        Dec 31, 2024 17:14:37.108808994 CET5061180192.168.2.24185.246.85.141
                        Dec 31, 2024 17:14:37.113713026 CET8050611185.246.85.141192.168.2.24
                        Dec 31, 2024 17:14:37.289410114 CET8050611185.246.85.141192.168.2.24
                        Dec 31, 2024 17:14:37.289424896 CET8050611185.246.85.141192.168.2.24
                        Dec 31, 2024 17:14:37.289450884 CET8050611185.246.85.141192.168.2.24
                        Dec 31, 2024 17:14:37.289463043 CET8050611185.246.85.141192.168.2.24
                        Dec 31, 2024 17:14:37.289478064 CET5061180192.168.2.24185.246.85.141
                        Dec 31, 2024 17:14:37.289527893 CET5061180192.168.2.24185.246.85.141
                        Dec 31, 2024 17:14:37.870255947 CET5061280192.168.2.24185.246.85.141
                        Dec 31, 2024 17:14:37.875371933 CET8050612185.246.85.141192.168.2.24
                        Dec 31, 2024 17:14:37.875433922 CET5061280192.168.2.24185.246.85.141
                        Dec 31, 2024 17:14:42.219218969 CET49673443192.168.2.2420.198.118.190
                        Dec 31, 2024 17:14:42.219280958 CET4434967320.198.118.190192.168.2.24
                        Dec 31, 2024 17:14:42.843816042 CET50633443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:42.843863010 CET4435063340.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:42.844088078 CET50633443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:42.844974041 CET50633443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:42.844984055 CET4435063340.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:43.668091059 CET4435063340.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:43.668292999 CET50633443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:43.680257082 CET50633443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:43.680279970 CET4435063340.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:43.680732012 CET4435063340.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:43.733170033 CET50633443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:44.844340086 CET50633443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:44.844419003 CET50633443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:44.844429016 CET4435063340.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:44.844552994 CET50633443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:44.891325951 CET4435063340.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:45.023050070 CET4435063340.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:45.023184061 CET4435063340.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:45.023236990 CET50633443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:45.023360968 CET50633443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:45.023375034 CET4435063340.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:45.656543970 CET50635443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:45.656635046 CET4435063540.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:45.656735897 CET50635443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:45.657556057 CET50635443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:45.657579899 CET4435063540.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:46.448414087 CET4435063540.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:46.448499918 CET50635443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:46.450850964 CET50635443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:46.450870991 CET4435063540.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:46.451654911 CET4435063540.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:46.455777884 CET50635443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:46.455904007 CET50635443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:46.455920935 CET4435063540.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:46.455966949 CET50635443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:46.499336004 CET4435063540.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:46.631299019 CET4435063540.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:46.631572962 CET4435063540.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:46.633486032 CET50635443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:46.634869099 CET50635443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:46.634900093 CET4435063540.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:46.850650072 CET44350632142.250.184.228192.168.2.24
                        Dec 31, 2024 17:14:46.850738049 CET44350632142.250.184.228192.168.2.24
                        Dec 31, 2024 17:14:46.850905895 CET50632443192.168.2.24142.250.184.228
                        Dec 31, 2024 17:14:47.357325077 CET50632443192.168.2.24142.250.184.228
                        Dec 31, 2024 17:14:47.357413054 CET44350632142.250.184.228192.168.2.24
                        Dec 31, 2024 17:14:47.436156988 CET50555443192.168.2.24204.79.197.203
                        Dec 31, 2024 17:14:47.441118956 CET44350555204.79.197.203192.168.2.24
                        Dec 31, 2024 17:14:48.234181881 CET50572443192.168.2.2420.110.205.119
                        Dec 31, 2024 17:14:48.234323978 CET50571443192.168.2.24204.79.197.237
                        Dec 31, 2024 17:14:48.239094019 CET4435057220.110.205.119192.168.2.24
                        Dec 31, 2024 17:14:48.239109039 CET44350571204.79.197.237192.168.2.24
                        Dec 31, 2024 17:14:48.347943068 CET50569443192.168.2.2418.238.49.124
                        Dec 31, 2024 17:14:48.352751017 CET4435056918.238.49.124192.168.2.24
                        Dec 31, 2024 17:14:48.380851030 CET50570443192.168.2.24204.79.197.203
                        Dec 31, 2024 17:14:48.386746883 CET44350570204.79.197.203192.168.2.24
                        Dec 31, 2024 17:14:49.168839931 CET5061180192.168.2.24185.246.85.141
                        Dec 31, 2024 17:14:49.172363997 CET5063680192.168.2.24185.246.85.141
                        Dec 31, 2024 17:14:49.173783064 CET8050611185.246.85.141192.168.2.24
                        Dec 31, 2024 17:14:49.177145958 CET8050636185.246.85.141192.168.2.24
                        Dec 31, 2024 17:14:49.177216053 CET5063680192.168.2.24185.246.85.141
                        Dec 31, 2024 17:14:49.349778891 CET8050611185.246.85.141192.168.2.24
                        Dec 31, 2024 17:14:49.349795103 CET8050611185.246.85.141192.168.2.24
                        Dec 31, 2024 17:14:49.349858999 CET5061180192.168.2.24185.246.85.141
                        Dec 31, 2024 17:14:50.208775997 CET443497262.16.158.192192.168.2.24
                        Dec 31, 2024 17:14:50.208908081 CET443497262.16.158.192192.168.2.24
                        Dec 31, 2024 17:14:50.208949089 CET49726443192.168.2.242.16.158.192
                        Dec 31, 2024 17:14:50.208997011 CET49726443192.168.2.242.16.158.192
                        Dec 31, 2024 17:14:50.892265081 CET50583443192.168.2.2423.44.203.173
                        Dec 31, 2024 17:14:50.897131920 CET4435058323.44.203.173192.168.2.24
                        Dec 31, 2024 17:14:51.050235987 CET50584443192.168.2.24204.79.197.203
                        Dec 31, 2024 17:14:51.055056095 CET44350584204.79.197.203192.168.2.24
                        Dec 31, 2024 17:14:51.689218044 CET50564443192.168.2.2423.51.56.166
                        Dec 31, 2024 17:14:51.694174051 CET4435056423.51.56.166192.168.2.24
                        Dec 31, 2024 17:14:52.057209015 CET50557443192.168.2.2472.21.81.200
                        Dec 31, 2024 17:14:52.062064886 CET4435055772.21.81.200192.168.2.24
                        Dec 31, 2024 17:14:52.363862991 CET50553443192.168.2.24104.117.182.59
                        Dec 31, 2024 17:14:52.368714094 CET44350553104.117.182.59192.168.2.24
                        Dec 31, 2024 17:14:52.984277010 CET50568443192.168.2.2451.104.15.252
                        Dec 31, 2024 17:14:52.989240885 CET4435056851.104.15.252192.168.2.24
                        Dec 31, 2024 17:14:54.516586065 CET49728443192.168.2.24104.126.37.201
                        Dec 31, 2024 17:14:54.522068977 CET44349728104.126.37.201192.168.2.24
                        Dec 31, 2024 17:14:54.522211075 CET49728443192.168.2.24104.126.37.201
                        Dec 31, 2024 17:14:54.736224890 CET50637443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:54.736268044 CET4435063740.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:54.736349106 CET50637443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:54.737267971 CET50637443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:54.737281084 CET4435063740.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:55.549637079 CET4435063740.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:55.549731016 CET50637443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:55.554913044 CET50637443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:55.554924965 CET4435063740.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:55.555171013 CET4435063740.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:55.558279991 CET50637443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:55.558279991 CET50637443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:55.558296919 CET4435063740.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:55.558511019 CET50637443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:55.599343061 CET4435063740.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:55.738835096 CET4435063740.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:55.738914013 CET4435063740.115.3.253192.168.2.24
                        Dec 31, 2024 17:14:55.739021063 CET50637443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:55.739310980 CET50637443192.168.2.2440.115.3.253
                        Dec 31, 2024 17:14:55.739331007 CET4435063740.115.3.253192.168.2.24
                        TimestampSource PortDest PortSource IPDest IP
                        Dec 31, 2024 17:13:31.876594067 CET53579581.1.1.1192.168.2.24
                        Dec 31, 2024 17:13:33.066226006 CET53543081.1.1.1192.168.2.24
                        Dec 31, 2024 17:13:36.021064043 CET5931953192.168.2.241.1.1.1
                        Dec 31, 2024 17:13:36.021111965 CET5832153192.168.2.241.1.1.1
                        Dec 31, 2024 17:13:36.028079033 CET53583211.1.1.1192.168.2.24
                        Dec 31, 2024 17:13:36.028091908 CET53593191.1.1.1192.168.2.24
                        Dec 31, 2024 17:13:37.337737083 CET5912453192.168.2.241.1.1.1
                        Dec 31, 2024 17:13:37.338078976 CET5579853192.168.2.241.1.1.1
                        Dec 31, 2024 17:13:37.351218939 CET53557981.1.1.1192.168.2.24
                        Dec 31, 2024 17:13:37.355732918 CET6551953192.168.2.241.1.1.1
                        Dec 31, 2024 17:13:37.355958939 CET5490953192.168.2.241.1.1.1
                        Dec 31, 2024 17:13:37.367873907 CET53655191.1.1.1192.168.2.24
                        Dec 31, 2024 17:13:37.374178886 CET53591241.1.1.1192.168.2.24
                        Dec 31, 2024 17:13:37.389637947 CET53549091.1.1.1192.168.2.24
                        Dec 31, 2024 17:13:40.483577013 CET5403753192.168.2.241.1.1.1
                        Dec 31, 2024 17:13:40.483735085 CET5320453192.168.2.241.1.1.1
                        Dec 31, 2024 17:13:40.491553068 CET53532041.1.1.1192.168.2.24
                        Dec 31, 2024 17:13:50.014015913 CET53635611.1.1.1192.168.2.24
                        Dec 31, 2024 17:13:51.830204964 CET53573621.1.1.1192.168.2.24
                        Dec 31, 2024 17:14:00.977829933 CET53508621.1.1.1192.168.2.24
                        Dec 31, 2024 17:14:08.831748962 CET53610521.1.1.1192.168.2.24
                        Dec 31, 2024 17:14:31.294648886 CET53550761.1.1.1192.168.2.24
                        Dec 31, 2024 17:14:31.738518953 CET53523371.1.1.1192.168.2.24
                        Timestamp | Source IP | Dest IP | Checksum | Code | Type
                        Dec 31, 2024 17:13:37.389727116 CET | 192.168.2.24 | 1.1.1.1 | c23f | (Port unreachable) | Destination Unreachable
                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                        Dec 31, 2024 17:13:36.021064043 CET | 192.168.2.24 | 1.1.1.1 | 0x534d | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                        Dec 31, 2024 17:13:36.021111965 CET | 192.168.2.24 | 1.1.1.1 | 0x4fba | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                        Dec 31, 2024 17:13:37.337737083 CET | 192.168.2.24 | 1.1.1.1 | 0xb90a | Standard query (0) | 4.lkx91.michaelhuegel.com | A (IP address) | IN (0x0001) | false
                        Dec 31, 2024 17:13:37.338078976 CET | 192.168.2.24 | 1.1.1.1 | 0xc8fe | Standard query (0) | 4.lkx91.michaelhuegel.com | 65 | IN (0x0001) | false
                        Dec 31, 2024 17:13:37.355732918 CET | 192.168.2.24 | 1.1.1.1 | 0x3273 | Standard query (0) | 4.lkx91.michaelhuegel.com | A (IP address) | IN (0x0001) | false
                        Dec 31, 2024 17:13:37.355958939 CET | 192.168.2.24 | 1.1.1.1 | 0x12e0 | Standard query (0) | 4.lkx91.michaelhuegel.com | 65 | IN (0x0001) | false
                        Dec 31, 2024 17:13:40.483577013 CET | 192.168.2.24 | 1.1.1.1 | 0xe099 | Standard query (0) | feeds.foxnews.com | A (IP address) | IN (0x0001) | false
                        Dec 31, 2024 17:13:40.483735085 CET | 192.168.2.24 | 1.1.1.1 | 0xfde2 | Standard query (0) | feeds.foxnews.com | 65 | IN (0x0001) | false
                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                        Dec 31, 2024 17:13:36.028079033 CET | 1.1.1.1 | 192.168.2.24 | 0x4fba | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                        Dec 31, 2024 17:13:36.028091908 CET | 1.1.1.1 | 192.168.2.24 | 0x534d | No error (0) | www.google.com | | 142.250.184.228 | A (IP address) | IN (0x0001) | false
                        Dec 31, 2024 17:13:37.367873907 CET | 1.1.1.1 | 192.168.2.24 | 0x3273 | No error (0) | 4.lkx91.michaelhuegel.com | | 185.246.85.141 | A (IP address) | IN (0x0001) | false
                        Dec 31, 2024 17:13:37.374178886 CET | 1.1.1.1 | 192.168.2.24 | 0xb90a | No error (0) | 4.lkx91.michaelhuegel.com | | 185.246.85.141 | A (IP address) | IN (0x0001) | false
                        Dec 31, 2024 17:13:40.491553068 CET | 1.1.1.1 | 192.168.2.24 | 0xfde2 | No error (0) | feeds.foxnews.com | j.sni.global.fastly.net | | CNAME (Canonical name) | IN (0x0001) | false
                        Dec 31, 2024 17:13:40.493356943 CET | 1.1.1.1 | 192.168.2.24 | 0xe099 | No error (0) | feeds.foxnews.com | j.sni.global.fastly.net | | CNAME (Canonical name) | IN (0x0001) | false
                        • https:
                          • cxcs.microsoft.net
                        • browser.events.data.msn.cn
                        • res.public.onecdn.static.microsoft
                        • 4.lkx91.michaelhuegel.com
                        • c.pki.goog
                        • x1.c.lencr.org
                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                        0 | 192.168.2.24 | 50599 | 204.79.197.203 | 80
                        Timestamp | Bytes transferred | Direction | Data
                        Dec 31, 2024 17:13:25.831696033 CET | 1236 | IN | HTTP/1.1 200 OK
                        Cache-Control: max-age=86400
                        Content-Length: 1858
                        Content-Type: application/ocsp-response
                        Expires: Mon, 06 Jan 2025 17:30:04 GMT
                        Last-Modified: Sat, 28 Dec 2024 00:00:00 GMT
                        ETag: "3fc33bec5fa557eb1f16971a7962744283b91a99cc9a9809a00d30c7fc547a94"
                        X-Cache: TCP_HIT
                        X-Powered-By: ASP.NET
                        x-content-type-options: nosniff
                        X-Azure-Ref-OriginShield: Ref A: CE0D065865C04761ACC8DABDC791F824 Ref B: MNZ221060607021 Ref C: 2024-12-30T20:18:45Z
                        X-MSEdge-Ref: Ref A: 60267EDAF68D4C859C59EDDCFFBD476A Ref B: EWR30EDGE1112 Ref C: 2024-12-31T16:13:25Z
                        Date: Tue, 31 Dec 2024 16:13:25 GMT


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        1 | 192.168.2.24 | 50611 | 185.246.85.141 | 80 | 1208 | C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Dec 31, 2024 17:13:40.264964104 CET | 510 | OUT | GET /news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK HTTP/1.1
                        Host: 4.lkx91.michaelhuegel.com
                        Connection: keep-alive
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        Accept-Encoding: gzip, deflate
                        Accept-Language: en-US,en;q=0.9
                        Dec 31, 2024 17:13:40.445447922 CET | 1236 | IN | HTTP/1.1 200 OK
                        Content-Type: text/html; charset=utf-8
                        X-Address: gin_throttle_mw_7200000000_8.46.123.189
                        X-Ratelimit-Limit: 500
                        X-Ratelimit-Remaining: 486
                        X-Ratelimit-Reset: 1735664773
                        Date: Tue, 31 Dec 2024 16:13:40 GMT
                        Transfer-Encoding: chunked
                        Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Fox News World RSS Feed - wattsgroup.co.nz </title> <style> body { font-family: Arial, sans-serif; background-color: #f4f6f9; color: #333; margin: 0; padding: 0; } .container { width: 80%; margin: 0 auto; } h1 { font-size: 2rem; margin: 2rem 0; } .news-item { background-color: white; padding: 1.5rem; margin-bottom: 1rem; box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24); } .news-item h2 { font-size: 1.5rem; margin-bottom: 1rem; } .news-item a { color: #1a73e8; text-decoration: none;
                        Dec 31, 2024 17:13:40.445466995 CET | 1236 | IN
                        Data Ascii: } .news-item a:hover { text-decoration: underline; } .news-item p { font-size: 1rem; margin-bottom: 0; } </style></head><body><div class="container"> <h1>Fox N
                        Dec 31, 2024 17:13:40.445481062 CET | 1001 | IN
                        Data Ascii: ed"; const guid = guidElement ? guidElement.textContent : "#"; const description = descriptionElement ? descriptionElement.textContent : "No description available."; const content = contentElement ? contentE
                        Dec 31, 2024 17:13:40.544725895 CET | 464 | OUT | GET /favicon.ico HTTP/1.1
                        Host: 4.lkx91.michaelhuegel.com
                        Connection: keep-alive
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                        Referer: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK
                        Accept-Encoding: gzip, deflate
                        Accept-Language: en-US,en;q=0.9
                        Dec 31, 2024 17:13:40.725084066 CET | 258 | IN | HTTP/1.1 404 Not Found
                        Content-Type: text/plain; charset=utf-8
                        X-Address: gin_throttle_mw_7200000000_8.46.123.189
                        X-Ratelimit-Limit: 500
                        X-Ratelimit-Remaining: 485
                        X-Ratelimit-Reset: 1735664773
                        Date: Tue, 31 Dec 2024 16:13:40 GMT
                        Content-Length: 0
                        Dec 31, 2024 17:13:51.379560947 CET | 554 | OUT | GET / HTTP/1.1
                        Host: 4.lkx91.michaelhuegel.com
                        Connection: keep-alive
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        Referer: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK
                        Accept-Encoding: gzip, deflate
                        Accept-Language: en-US,en;q=0.9
                        Dec 31, 2024 17:13:51.577927113 CET | 1236 | IN | HTTP/1.1 200 OK
                        Content-Type: text/html; charset=utf-8
                        X-Address: gin_throttle_mw_7200000000_8.46.123.189
                        X-Ratelimit-Limit: 500
                        X-Ratelimit-Remaining: 484
                        X-Ratelimit-Reset: 1735664773
                        Date: Tue, 31 Dec 2024 16:13:51 GMT
                        Transfer-Encoding: chunked
                        Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Coming Soon - wattsgroup.co.nz</title> <link rel="stylesheet" href="/assets/styles.css"></head><body><div class="container"> <h1>Our Website is Coming Soon!</h1> <p>We are working hard to give you the best experience. Stay tuned!</p> <div class="countdown"> <div class="countdown-item"> <span id="days">00</span> <label>Days</label> </div> <div class="countdown-item"> <span id="hours">00</span> <label>Hours</label> </div> <div class="countdown-item"> <span id="minutes">00</span> <label>Minutes</label> </div> <div class="countdown-item"> <span id="seconds">00</span> <label>Seconds</label> </div> </div> <form id=
                        Dec 31, 2024 17:13:51.577939034 CET | 224 | IN
                        Data Ascii: "subscription-form" onsubmit="submitForm(event)"> <input type="email" id="email" placeholder="Enter your email" required> <button type="submit">Subscribe</button> <p id="subscription-message"></p>
                        Dec 31, 2024 17:13:51.577949047 CET | 1236 | IN
                        Data Ascii: </form> <a href="news">Fox News</a> <br> <a href="about">Learn more about our email marketing agency</a> <br> <a href="opt-out">Unsubscribe from our newsletter</a> <br> <a href="privacy">Privacy Policy</a></div>
                        Dec 31, 2024 17:13:51.577960014 CET | 459 | IN
                        Data Ascii: oString().padStart(2, '0'); secondsElement.textContent = seconds.toString().padStart(2, '0'); } function submitForm(event) { event.preventDefault(); const email = document.getElementById('email').value;
                        Dec 31, 2024 17:13:51.616755962 CET | 354 | OUT | GET /assets/styles.css HTTP/1.1
                        Host: 4.lkx91.michaelhuegel.com
                        Connection: keep-alive
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                        Accept: text/css,*/*;q=0.1
                        Referer: http://4.lkx91.michaelhuegel.com/
                        Accept-Encoding: gzip, deflate
                        Accept-Language: en-US,en;q=0.9
                        Dec 31, 2024 17:13:51.797399998 CET | 1236 | IN | HTTP/1.1 200 OK
                        Accept-Ranges: bytes
                        Content-Length: 1435
                        Content-Type: text/css; charset=utf-8
                        Last-Modified: Wed, 25 Dec 2024 14:04:36 GMT
                        Date: Tue, 31 Dec 2024 16:13:51 GMT
                        Data Ascii: body { font-family: Arial, sans-serif; background-color: #f0f0f0; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; padding: 0;}.container { background-color: #ffffff; padding: 30px; border-radius: 10px; box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1); text-align: center;}h1 { font-size: 36px; margin-bottom: 20px; color: #333;}p { font-size: 18px; color: #777; margin-bottom: 40px;}.countdown { display: flex; justify-content: center; margin-bottom: 40px;}.countdown-item { display: inline-block; margin: 0 10px;}.countdown-item span { font-size: 24px; color: #444;}.countdown-item label { display: block; font-size: 14px; color: #999;}form { display: flex; justify-content: center; align-items: center; flex-direction: column;}input[type="email"] { font-size: 16px; padding: 10px; border: 1px solid #ccc; [TRUNCATED]
                        Dec 31, 2024 17:13:51.797416925 CET | 384 | IN
                        Data Ascii: max-width: 300px; margin-bottom: 20px;}button { font-size: 16px; padding: 10px 20px; background-color: #333; color: #fff; border: none; border-radius: 5px; cursor: pointer; transition: background-color
                        Dec 31, 2024 17:14:03.438534975 CET | 489 | OUT | GET /about HTTP/1.1
                        Host: 4.lkx91.michaelhuegel.com
                        Connection: keep-alive
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        Referer: http://4.lkx91.michaelhuegel.com/
                        Accept-Encoding: gzip, deflate
                        Accept-Language: en-US,en;q=0.9
                        Dec 31, 2024 17:14:03.619194984 CET | 1236 | IN | HTTP/1.1 200 OK
                        Content-Type: text/html; charset=utf-8
                        X-Address: gin_throttle_mw_7200000000_8.46.123.189
                        X-Ratelimit-Limit: 500
                        X-Ratelimit-Remaining: 483
                        X-Ratelimit-Reset: 1735664773
                        Date: Tue, 31 Dec 2024 16:14:03 GMT
                        Transfer-Encoding: chunked
                        Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>About Us - wattsgroup.co.nz</title> <link rel="stylesheet" href="/assets/about_styles.css"></head><body><div class="container"> <h1>About Our Email Marketing Agency</h1> <p>Our email marketing agency specializes in creating effective and engaging email campaigns tailored to meet the unique needs of businesses of all sizes. With a team of experienced marketing professionals, we are dedicated to helping our clients achieve their marketing goals and drive growth through the power of email marketing.</p> <p>At our agency, we understand the importance of personalized, targeted email marketing strategies. By combining cutting-edge technology with data-driven insights and creative expertise, we deliver email campaigns that resonate with your audience, foster cu
                        Dec 31, 2024 17:14:03.619219065 CET | 224 | IN
                        Data Ascii: stomer loyalty, and increase conversions. From designing captivating email templates to crafting compelling subject lines, our comprehensive services cover every aspect of email marketing.</p> <p>Our services include:</
                        Dec 31, 2024 17:14:03.619234085 CET | 993 | IN
                        Data Ascii: p> <ul> <li>Email strategy development</li> <li>Email template design and coding</li> <li>Copywriting and content creation</li> <li>Email automation and triggered campaigns</li> <li>Segmentatio
                        Dec 31, 2024 17:14:03.647871971 CET | 365 | OUT | GET /assets/about_styles.css HTTP/1.1
                        Host: 4.lkx91.michaelhuegel.com
                        Connection: keep-alive
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                        Accept: text/css,*/*;q=0.1
                        Referer: http://4.lkx91.michaelhuegel.com/about
                        Accept-Encoding: gzip, deflate
                        Accept-Language: en-US,en;q=0.9
                        Dec 31, 2024 17:14:03.839912891 CET | 898 | IN | HTTP/1.1 200 OK
                        Accept-Ranges: bytes
                        Content-Length: 714
                        Content-Type: text/css; charset=utf-8
                        Last-Modified: Wed, 25 Dec 2024 14:04:36 GMT
                        Date: Tue, 31 Dec 2024 16:14:03 GMT
                        Data Ascii: body { font-family: Arial, sans-serif; background-color: #f0f0f0; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; padding: 0;}.container { width: 80%; margin: auto; overflow: hidden; padding: 0 2rem; background-color: #fff; padding: 2rem; border-radius: 5px; box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24);}h1 { font-size: 2rem; color: #333; margin-bottom: 1rem;}p { font-size: 1rem; color: #333; margin-bottom: 1rem;}ul { font-size: 1rem; color: #333; margin-bottom: 1rem; padding-left: 1.5rem;}li { margin-bottom: 0.5rem;}
                        Dec 31, 2024 17:14:14.369229078 CET | 489 | OUT | GET / HTTP/1.1
                        Host: 4.lkx91.michaelhuegel.com
                        Connection: keep-alive
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        Referer: http://4.lkx91.michaelhuegel.com/about
                        Accept-Encoding: gzip, deflate
                        Accept-Language: en-US,en;q=0.9
                        Dec 31, 2024 17:14:14.549768925 CET | 1236 | IN | HTTP/1.1 200 OK
                        Content-Type: text/html; charset=utf-8
                        X-Address: gin_throttle_mw_7200000000_8.46.123.189
                        X-Ratelimit-Limit: 500
                        X-Ratelimit-Remaining: 482
                        X-Ratelimit-Reset: 1735664773
                        Date: Tue, 31 Dec 2024 16:14:14 GMT
                        Transfer-Encoding: chunked
                        Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Coming Soon - wattsgroup.co.nz</title> <link rel="stylesheet" href="/assets/styles.css"></head><body><div class="container"> <h1>Our Website is Coming Soon!</h1> <p>We are working hard to give you the best experience. Stay tuned!</p> <div class="countdown"> <div class="countdown-item"> <span id="days">00</span> <label>Days</label> </div> <div class="countdown-item"> <span id="hours">00</span> <label>Hours</label> </div> <div class="countdown-item"> <span id="minutes">00</span> <label>Minutes</label> </div> <div class="countdown-item"> <span id="seconds">00</span> <label>Seconds</label> </div> </div> <form id=
                        Dec 31, 2024 17:14:14.549794912 CET | 224 | IN
                        Data Ascii: "subscription-form" onsubmit="submitForm(event)"> <input type="email" id="email" placeholder="Enter your email" required> <button type="submit">Subscribe</button> <p id="subscription-message"></p>
                        Dec 31, 2024 17:14:14.549850941 CET | 1236 | IN
                        Data Ascii: </form> <a href="news">Fox News</a> <br> <a href="about">Learn more about our email marketing agency</a> <br> <a href="opt-out">Unsubscribe from our newsletter</a> <br> <a href="privacy">Privacy Policy</a></div>
                        Dec 31, 2024 17:14:25.235430002 CET | 488 | OUT | GET /news HTTP/1.1
                        Host: 4.lkx91.michaelhuegel.com
                        Connection: keep-alive
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        Referer: http://4.lkx91.michaelhuegel.com/
                        Accept-Encoding: gzip, deflate
                        Accept-Language: en-US,en;q=0.9
                        Dec 31, 2024 17:14:25.417233944 CET | 1236 | IN | HTTP/1.1 200 OK
                        Content-Type: text/html; charset=utf-8
                        X-Address: gin_throttle_mw_7200000000_8.46.123.189
                        X-Ratelimit-Limit: 500
                        X-Ratelimit-Remaining: 481
                        X-Ratelimit-Reset: 1735664773
                        Date: Tue, 31 Dec 2024 16:14:25 GMT
                        Transfer-Encoding: chunked
                        Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Fox News World RSS Feed - wattsgroup.co.nz </title> <style> body { font-family: Arial, sans-serif; background-color: #f4f6f9; color: #333; margin: 0; padding: 0; } .container { width: 80%; margin: 0 auto; } h1 { font-size: 2rem; margin: 2rem 0; } .news-item { background-color: white; padding: 1.5rem; margin-bottom: 1rem; box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24); } .news-item h2 { font-size: 1.5rem; margin-bottom: 1rem; } .news-item a { color: #1a73e8; text-decoration: none;
                        Dec 31, 2024 17:14:37.108808994 CET | 488 | OUT | GET / HTTP/1.1
                        Host: 4.lkx91.michaelhuegel.com
                        Connection: keep-alive
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        Referer: http://4.lkx91.michaelhuegel.com/news
                        Accept-Encoding: gzip, deflate
                        Accept-Language: en-US,en;q=0.9
                        Dec 31, 2024 17:14:37.289410114 CET | 1236 | IN | HTTP/1.1 200 OK
                        Content-Type: text/html; charset=utf-8
                        X-Address: gin_throttle_mw_7200000000_8.46.123.189
                        X-Ratelimit-Limit: 500
                        X-Ratelimit-Remaining: 480
                        X-Ratelimit-Reset: 1735664773
                        Date: Tue, 31 Dec 2024 16:14:37 GMT
                        Transfer-Encoding: chunked
                        Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Coming Soon - wattsgroup.co.nz</title> <link rel="stylesheet" href="/assets/styles.css"></head><body><div class="container"> <h1>Our Website is Coming Soon!</h1> <p>We are working hard to give you the best experience. Stay tuned!</p> <div class="countdown"> <div class="countdown-item"> <span id="days">00</span> <label>Days</label> </div> <div class="countdown-item"> <span id="hours">00</span> <label>Hours</label> </div> <div class="countdown-item"> <span id="minutes">00</span> <label>Minutes</label> </div> <div class="countdown-item"> <span id="seconds">00</span> <label>Seconds</label> </div> </div> <form id=
                        Dec 31, 2024 17:14:49.168839931 CET | 489 | OUT | GET /about HTTP/1.1
                        Host: 4.lkx91.michaelhuegel.com
                        Connection: keep-alive
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        Referer: http://4.lkx91.michaelhuegel.com/
                        Accept-Encoding: gzip, deflate
                        Accept-Language: en-US,en;q=0.9
                        Dec 31, 2024 17:14:49.349778891 CET | 1236 | IN | HTTP/1.1 200 OK
                        Content-Type: text/html; charset=utf-8
                        X-Address: gin_throttle_mw_7200000000_8.46.123.189
                        X-Ratelimit-Limit: 500
                        X-Ratelimit-Remaining: 479
                        X-Ratelimit-Reset: 1735664773
                        Date: Tue, 31 Dec 2024 16:14:49 GMT
                        Transfer-Encoding: chunked
                        Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>About Us - wattsgroup.co.nz</title> <link rel="stylesheet" href="/assets/about_styles.css"></head><body><div class="container"> <h1>About Our Email Marketing Agency</h1> <p>Our email marketing agency specializes in creating effective and engaging email campaigns tailored to meet the unique needs of businesses of all sizes. With a team of experienced marketing professionals, we are dedicated to helping our clients achieve their marketing goals and drive growth through the power of email marketing.</p> <p>At our agency, we understand the importance of personalized, targeted email marketing strategies. By combining cutting-edge technology with data-driven insights and creative expertise, we deliver email campaigns that resonate with your audience, foster cu


                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                        2 | 192.168.2.24 | 50625 | 172.217.16.131 | 80
                        Timestamp | Bytes transferred | Direction | Data
                        Dec 31, 2024 17:14:16.503844023 CET | 200 | OUT | GET /r/r1.crl HTTP/1.1
                        Cache-Control: max-age = 3000
                        Connection: Keep-Alive
                        Accept: */*
                        If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                        User-Agent: Microsoft-CryptoAPI/10.0
                        Host: c.pki.goog
                        Dec 31, 2024 17:14:17.114521027 CET | 223 | IN | HTTP/1.1 304 Not Modified
                        Date: Tue, 31 Dec 2024 15:25:54 GMT
                        Expires: Tue, 31 Dec 2024 16:15:54 GMT
                        Age: 2903
                        Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                        Cache-Control: public, max-age=3000
                        Vary: Accept-Encoding


                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                        3 | 192.168.2.24 | 50626 | 2.23.197.184 | 80
                        Timestamp | Bytes transferred | Direction | Data
                        Dec 31, 2024 17:14:17.135473013 CET | 227 | OUT | GET / HTTP/1.1
                        Cache-Control: max-age = 3600
                        Connection: Keep-Alive
                        Accept: */*
                        If-Modified-Since: Mon, 12 Feb 2024 22:07:27 GMT
                        If-None-Match: "65ca969f-2cd"
                        User-Agent: Microsoft-CryptoAPI/10.0
                        Host: x1.c.lencr.org
                        Dec 31, 2024 17:14:17.774312019 CET | 1023 | IN | HTTP/1.1 200 OK
                        Server: nginx
                        Content-Type: application/pkix-crl
                        Last-Modified: Fri, 13 Dec 2024 18:01:23 GMT
                        ETag: "675c7673-2de"
                        Cache-Control: max-age=3600
                        Expires: Tue, 31 Dec 2024 17:14:17 GMT
                        Date: Tue, 31 Dec 2024 16:14:17 GMT
                        Content-Length: 734
                        Connection: keep-alive


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        4 | 192.168.2.24 | 50612 | 185.246.85.141 | 80 | 1208 | C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Dec 31, 2024 17:14:22.383096933 CET | 6 | OUT | Data Raw: 00
                        Data Ascii:


                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                        0 | 192.168.2.24 | 50592 | 23.201.169.47 | 443
                        Timestamp | Bytes transferred | Direction | Data
                        2024-12-31 16:13:22 UTC | 746 | OUT | GET /api/tips-content/de-ch/xml/tips?release=cobalt&environment=dashboard&resolutionType=merge HTTP/1.1
                        Host: cxcs.microsoft.net
                        Connection: keep-alive
                        sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100", "Microsoft Edge WebView2";v="100"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36
                        sec-ch-ua-platform: "Windows"
                        Accept: */*
                        Origin: https://windows.msn.com
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: cors
                        Sec-Fetch-Dest: empty
                        Referer: https://windows.msn.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        If-None-Match: "93eaa60326dc4c17c3c6a4c2dbeb6569"
                        2024-12-31 16:13:22 UTC | 203 | IN | HTTP/1.1 304 Not Modified
                        Content-Type: text/xml; charset=utf-8
                        ETag: "93eaa60326dc4c17c3c6a4c2dbeb6569"
                        Cache-Control: public, max-age=3214
                        Date: Tue, 31 Dec 2024 16:13:22 GMT
                        Connection: close


                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                        1 | 192.168.2.24 | 50596 | 20.189.173.11 | 443
                        Timestamp | Bytes transferred | Direction | Data
                        2024-12-31 16:13:25 UTC | 473 | OUT | POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1735661603065&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1
                        Accept-Encoding: gzip, deflate
                        Content-Length: 4605
                        Content-Type: application/json; charset=UTF-8
                        Host: browser.events.data.msn.cn
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        2024-12-31 16:13:25 UTC | 4605 | OUT
                        Data Ascii: {"name":"MS.News.Web.ServerLog","iKey":"o:c498711f02654edca8a715ca6e1cb4d4","time":"2024-12-31T16:13:13Z","ver":"4.0","data":{"page":{"product":"entwindowsdash","appType":"winWidgets","name":"winp2backingapp","isMockEnv":false,"hostVer":"524.30502.30.0","


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        2 | 192.168.2.24 | 50623 | 152.199.21.175 | 443 | |
                        Timestamp | Bytes transferred | Direction | Data
                        2024-12-31 16:13:58 UTC | 399 | OUT | GET /creativeservice/2d863f0f-0fd5-72db-6971-f905df03ef53_3255140379518978990_128000000004796009_assets__image_1709055739600.jpg HTTP/1.1
                        Accept: */*
                        Accept-Encoding: gzip, deflate, br
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22631
                        Host: res.public.onecdn.static.microsoft
                        Connection: Keep-Alive
                        2024-12-31 16:13:58 UTC | 1143 | IN | HTTP/1.1 200 OK
                        Accept-Ranges: bytes
                        Access-Control-Allow-Headers: *
                        Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                        Access-Control-Allow-Origin: *
                        Access-Control-Expose-Headers: date,X-Cdn-Provider,X-Ms-Request-Id
                        Age: 486194
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Cache-Control: max-age=31536000
                        Content-Type: text/plain
                        Date: Tue, 31 Dec 2024 16:13:58 GMT
                        Last-Modified: Thu, 12 Dec 2024 01:09:10 GMT
                        NEL: {"report_to":"NelM365CDNUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
                        Report-To: {"group":"NelM365CDNUpload1","max_age":604800,"endpoints":[{"url":"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=VerizonCDNWorldWide&DestinationEndpoint=New York&ASN=3356&Country=US&Region=NY&RequestIdentifier=1704931718192653772613183170650464665760"}],"include_subdomains ":true}
                        Server: ECAcc (lhc/790A)
                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                        Timing-Allow-Origin: *
                        Vary: Accept-Encoding
                        X-Cache: HIT
                        X-CDN-Provider: Verizon
                        x-ms-request-id: d0261baf-601e-0057-7732-5751a4000000
                        Content-Length: 2495
                        Connection: close
                        2024-12-31 16:13:58 UTC | 2495 | IN | Data: JPEG (JFIF) image body, binary content not shown


                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                        3 | 192.168.2.24 | 50633 | 40.115.3.253 | 443
                        Timestamp | Bytes transferred | Direction | Data
                        2024-12-31 16:14:44 UTC | 71 | OUT | Data Ascii: CNT 1 CON 316\r\nMS-CV: 3VLiAE1s5062VZjo.1\r\nContext: ee408350071b5040\r\n\r\n
                        2024-12-31 16:14:44 UTC | 260 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.22631.4169</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>00180012A84479AA</deviceName><followRetry>true</followRetry></agent></con
                        2024-12-31 16:14:44 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061\r\nMS-CV: 3VLiAE1s5062VZjo.2\r\nContext: ee408350071b5040\r\n\r\n<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcKtqPS02XpWWWo5K9DgvuZSUijMLJiJH2az/rgXKMdlYh3uXcNxxBi0/l8Fb8kJEJlDQs4c+VyhDxeR2hkvdPWe2cTI4qIMNFey374BaRip6M
                        2024-12-31 16:14:44 UTC | 224 | OUT | Data Ascii: BND 3 CON\WNS 1044479 197\r\nMS-CV: 3VLiAE1s5062VZjo.3\r\nContext: ee408350071b5040\r\n\r\n<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                        2024-12-31 16:14:45 UTC | 14 | IN | Data Ascii: 202 1 CON 58\r\n
                        2024-12-31 16:14:45 UTC | 58 | IN | Data Ascii: MS-CV: Ou5EXQnqM0arNlmH7zzuFw.0\r\n\r\nPayload parsing failed.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                        4 | 192.168.2.24 | 50635 | 40.115.3.253 | 443
                        Timestamp | Bytes transferred | Direction | Data
                        2024-12-31 16:14:46 UTC | 71 | OUT | Data Ascii: CNT 1 CON 316\r\nMS-CV: 0cJn6U5O60ekFl1n.1\r\nContext: d71219879dcc18bf\r\n\r\n
                        2024-12-31 16:14:46 UTC | 260 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.22631.4169</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>00180012A84479AA</deviceName><followRetry>true</followRetry></agent></con
                        2024-12-31 16:14:46 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061\r\nMS-CV: 0cJn6U5O60ekFl1n.2\r\nContext: d71219879dcc18bf\r\n\r\n<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcKtqPS02XpWWWo5K9DgvuZSUijMLJiJH2az/rgXKMdlYh3uXcNxxBi0/l8Fb8kJEJlDQs4c+VyhDxeR2hkvdPWe2cTI4qIMNFey374BaRip6M
                        2024-12-31 16:14:46 UTC | 224 | OUT | Data Ascii: BND 3 CON\WNS 1044479 197\r\nMS-CV: 0cJn6U5O60ekFl1n.3\r\nContext: d71219879dcc18bf\r\n\r\n<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                        2024-12-31 16:14:46 UTC | 14 | IN | Data Ascii: 202 1 CON 58\r\n
                        2024-12-31 16:14:46 UTC | 58 | IN | Data Ascii: MS-CV: jc3hx/Bm0UaErvtbX1I2EA.0\r\n\r\nPayload parsing failed.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                        5 | 192.168.2.24 | 50637 | 40.115.3.253 | 443
                        Timestamp | Bytes transferred | Direction | Data
                        2024-12-31 16:14:55 UTC | 71 | OUT | Data Ascii: CNT 1 CON 316\r\nMS-CV: 6IT52NZSZEOdHJGK.1\r\nContext: ca9965ffd4e7b87f\r\n\r\n
                        2024-12-31 16:14:55 UTC | 260 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.22631.4169</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>00180012A84479AA</deviceName><followRetry>true</followRetry></agent></con
                        2024-12-31 16:14:55 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061\r\nMS-CV: 6IT52NZSZEOdHJGK.2\r\nContext: ca9965ffd4e7b87f\r\n\r\n<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcKtqPS02XpWWWo5K9DgvuZSUijMLJiJH2az/rgXKMdlYh3uXcNxxBi0/l8Fb8kJEJlDQs4c+VyhDxeR2hkvdPWe2cTI4qIMNFey374BaRip6M
                        2024-12-31 16:14:55 UTC | 224 | OUT | Data Ascii: BND 3 CON\WNS 1044479 197\r\nMS-CV: 6IT52NZSZEOdHJGK.3\r\nContext: ca9965ffd4e7b87f\r\n\r\n<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                        2024-12-31 16:14:55 UTC | 14 | IN | Data Ascii: 202 1 CON 58\r\n
                        2024-12-31 16:14:55 UTC | 58 | IN | Data Ascii: MS-CV: UpBhJ4qqWESFPCM0XsO8GQ.0\r\n\r\nPayload parsing failed.


                        Target ID:0
                        Start time:11:13:29
                        Start date:31/12/2024
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                        Imagebase:0x7ff6fc7d0000
                        File size:3'001'952 bytes
                        MD5 hash:290DF23002E9B52249B5549F0C668A86
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:false

                        Target ID:2
                        Start time:11:13:30
                        Start date:31/12/2024
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1812,i,5676968392746827338,17800175750088234751,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2236 /prefetch:11
                        Imagebase:0x7ff6fc7d0000
                        File size:3'001'952 bytes
                        MD5 hash:290DF23002E9B52249B5549F0C668A86
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:false

                        Target ID:7
                        Start time:11:13:36
                        Start date:31/12/2024
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK"
                        Imagebase:0x7ff6fc7d0000
                        File size:3'001'952 bytes
                        MD5 hash:290DF23002E9B52249B5549F0C668A86
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        No disassembly